Spring security websocket and HTTP authentication/authorization
Summary I would like to implement websocket communication over STOMP. Authenticate The user in the time of the first (HTTP request) websocket handshake and use this Principal for authorizing websocket messages later. Problem The system authenticates the client at the first time when it tries to connect to the websocket endpoint (the time of HTTP handshake). My spring security filter and Authentication provider does its job and authenticates the client properly. After this I can check that the client gets the Roles and my Authentication object is stored in the SecurityContext as well. (At this